CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,271 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,547 researchers
1,290 results
CVE-2024-50699 8.0 HIGH EPSS 0.00
Tp-link Tl-wr845n Firmware - Insufficiently Protected Credentials
TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.
CWE-522 Dec 10, 2024
CVE-2024-53832 4.6 MEDIUM EPSS 0.00
CPCI85 <V05.30 - Info Disclosure
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.
CWE-522 Dec 10, 2024
CVE-2024-40583 9.1 CRITICAL EPSS 0.00
Pentaminds CuroVMS v2.0.1 - Info Disclosure
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
CWE-522 Dec 09, 2024
CVE-2023-48010 9.8 CRITICAL EPSS 0.00
STMicroelectronics SPC58 - Missing Protection Mechanism
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.
CWE-522 Dec 05, 2024
CVE-2024-51546 7.5 HIGH 1 PoC Analysis EPSS 0.07
ABB ASPECT <3.08.02, NEXUS Series <3.08.02, MATRIX Series <3.08.02 ...
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CWE-522 Dec 05, 2024
CVE-2024-51545 10.0 CRITICAL EPSS 0.00
ABB ASPECT <3.08.02-NEXUS Series <3.08.02-MATRIX Series <3.08.02 - ...
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CWE-522 Dec 05, 2024
CVE-2024-42457 6.5 MEDIUM EPSS 0.00
Veeam Backup & Replication - Info Disclosure
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.
CWE-522 Dec 04, 2024
CVE-2024-11856 3.7 LOW EPSS 0.00
HPE IceWall - Info Disclosure
A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.
CWE-522 Dec 02, 2024
CVE-2019-17082 EPSS 0.00
OpenText AccuRev 2017.1.1 - Auth Bypass
Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system, the vulnerability could allow anyone who knows a valid AccuRev username to use the AccuRev client to log in and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.
CWE-522 Nov 26, 2024
CVE-2024-11703 5.7 MEDIUM EPSS 0.00
Firefox < 133 - Info Disclosure
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
CWE-522 Nov 26, 2024
CVE-2024-6749 6.3 MEDIUM EPSS 0.00
Axis Camera Station Pro - Info Disclosure
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station Windows client. If Incident report is not being used with credentials configured, this flaw does not apply. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CWE-522 Nov 26, 2024
CVE-2024-47142 5.5 MEDIUM EPSS 0.00
AIPHONE IXG SYSTEM <2.03 - Privilege Escalation
AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations.
CWE-522 Nov 22, 2024
CVE-2024-39290 6.5 MEDIUM EPSS 0.00
AIPHONE IX SYSTEM - Info Disclosure
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book.
CWE-522 Nov 22, 2024
CVE-2021-1232 6.5 MEDIUM EPSS 0.00
Cisco SD-WAN vManage Software - Info Disclosure
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CWE-522 Nov 18, 2024
CVE-2022-45157 9.1 CRITICAL EPSS 0.00
Rancher < 2.9.3 - Insufficiently Protected Credentials
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.
CWE-522 Nov 13, 2024
CVE-2024-47588 4.7 MEDIUM EPSS 0.00
SAP NetWeaver Java - Info Disclosure
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability.
CWE-522 Nov 12, 2024
CVE-2024-51240 8.0 HIGH 1 Writeup EPSS 0.00
OpenWRT Luci LTS - Privilege Escalation
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package.
CWE-522 Nov 05, 2024
CVE-2024-34885 6.8 MEDIUM 1 Writeup EPSS 0.00
Bitrix24 - Insufficiently Protected Credentials
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read SMTP account passwords via an HTTP GET request.
CWE-522 Nov 04, 2024
CVE-2024-34887 4.9 MEDIUM 1 Writeup EPSS 0.00
Bitrix24 - Insufficiently Protected Credentials
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to send AD/LDAP administrator account passwords to an arbitrary server via an HTTP POST request.
CWE-522 Nov 04, 2024
CVE-2024-34883 4.9 MEDIUM 1 Writeup EPSS 0.00
Bitrix24 - Insufficiently Protected Credentials
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server account passwords via an HTTP GET request.
CWE-522 Nov 04, 2024